Date: Sat, 6 Jul 2002 17:35:49 -0500
From: Redmond Militante <r-militante@northwestern.edu>
To: freebsd-questions@FreeBSD.org
Subject: stuck on ipfw/natd config
Message-ID: <20020706173549.A493@darkpossum>

hi all

i've been trying to get ipfw/natd going, with no luck. i was wondering if anyone could point me to some good, *up-to-date* documentation on how this is done. i'd like to set up one machine with ipfw/natd &/or ipf/ipnat (although the documentation on the internet for ipf i find to be even more obtuse &/or out of date) to serve as a gateway for about 5-10 machines, all with static ips, although i've installed dhcpd to provide for dhcp machines to be hooked up to it in the future. i've bought 'FreeBSD Unleashed' from SAMS press, but the documentation on setting up ipfw/nat is scant and to me it looks like it's missing some really obvious steps - like recompiling your kernel for firewall/nat... so i've been mainly following the directions at http://www.kcgeek.com/content/features/1020842040.blather.howto/feature.html, changing a few things for my setup.

i haven't even gotten to configuring any rules for the firewall, as i can't even seem to get natd to work as of yet. here's my system specs: dell optiplex gx150 1 ghz, 128 meg ram, 2 nics - one integrated 3com 3c905x, one pci 3com 3c905x. freebsd4.6. the pci nic - xl0 - is to be used externally, the integrated nic - xl1 - is to be used for the internal network. so far i've:

1. added the following lines to /etc/rc.conf

    gateway_enable="YES"
    natd_enable="YES"
    natd_interface="xl1"
    natd_flags="-s -u -m"
    firewall_enable="YES"
    firewall_logging_enable="YES"
    firewall_quiet="NO"
    firewall_type="open"
    hostname="[your hostname here]"
    ifconfig_xl0="inet xxx.xxx.xxx.xxx (my static ip) netmask 255.255.255.0" //external nic
    ifconfig_xl1="inet 192.168.70.230 netmask 255.255.255.0" //internal nic

2. then i downloaded dhcp-3.0pl1.tar.gz from ISC's ftp site to /usr/src.

    gzip -cd dhcp-3.0.tar.gz | tar xvf
    cd dhcp-3.0pl1
    ./configure
    make, make install

3. created /usr/local/etc/rc.d/dhcpd.sh

    #!/bin/sh
    /usr/sbin/dhcpd xl1 -q

4. opened /etc/dhcpd.conf:

    # vi /etc/dhcpd.conf

and inserted the following lines:

    option domain-name "[my internal network domain name here]";
    option domain-name-servers [my DNS server IP here];
    ddns-updates off;
    ddns-update-style none;

    default-lease-time 600;
    max-lease-time 7200;

    authoritative;

    subnet 192.168.70.0 netmask 255.255.255.0 {
        range 192.168.70.100 192.168.70.150;
        option domain-name "[my internal networks domain name here]";
        option domain-name-servers [my DNS server IP here];

        default-lease-time 600;
        max-lease-time 7200;
        option routers 192.168.70.230;
        option broadcast-address 192.168.70.255;
        default-lease-time 600;
        max-lease-time 7200;
    }

5.

    # touch /var/db/dhcpd.leases
    # chmod 644 /var/db/dhcpd.leases

start the server:

    # /usr/local/etc/rc.d/dhcpd.conf

    # shutdown -r now, reboot

change default gateway on 2nd machine to external nic's ip

i have: ethernet cable from wall (t100 line) to external nic, ethernet cable from internal nic to hublet, ethernet cable from hublet to 2nd machine.

reboot both machines, and it doesn't seem to work. the 2nd machine is a webserver, i can't go to a third machine and bring up any pages.

anyways, i've been plugging at it for 3-4 days now, all day. i have a feeling i'm missing something really simple. if anyone more experienced could clue me in or point me to some good howto's i'd really appreciate it.

thanks again

redmond
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020706173549.A493>
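
An added example, not part of the original message or of any FreeBSD tool: a shell check of the rc.conf lines from step 1. natd(8) takes its aliasing address from the interface named by natd_interface, so the check reports when that interface carries an RFC 1918 address. It assumes a gateway whose outside interface has a public address; the function names and the 203.0.113.10 placeholder are constructed.

```sh
#!/bin/sh
# Constructed sample: rc.conf lines from step 1 of the message. 203.0.113.10 is
# a documentation-range placeholder for the poster's elided external address.
SAMPLE_RC='gateway_enable="YES"
natd_enable="YES"
natd_interface="xl1"
firewall_enable="YES"
firewall_type="open"
ifconfig_xl0="inet 203.0.113.10 netmask 255.255.255.0"
ifconfig_xl1="inet 192.168.70.230 netmask 255.255.255.0"'

# rc_get KEY TEXT: print the value of the last KEY="value" line in TEXT.
rc_get() {
    printf '%s\n' "$2" | sed -n "s/^$1=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" | tail -n 1
}

# iface_addr IFACE TEXT: IPv4 address configured by the ifconfig_IFACE line.
iface_addr() {
    rc_get "ifconfig_$1" "$2" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { print $(i + 1); exit } }'
}

# is_rfc1918 ADDR: succeed if ADDR is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# check_natd TEXT: print a one-line verdict. Returns 0 only if forwarding and
# natd are enabled and natd_interface does not carry a private address.
check_natd() {
    [ "$(rc_get gateway_enable "$1")" = "YES" ] || { echo "gateway_enable is not YES"; return 1; }
    [ "$(rc_get natd_enable "$1")" = "YES" ] || { echo "natd_enable is not YES"; return 1; }
    nif=$(rc_get natd_interface "$1")
    [ -n "$nif" ] || { echo "natd_interface is not set"; return 1; }
    addr=$(iface_addr "$nif" "$1")
    [ -n "$addr" ] || { echo "ifconfig_$nif has no inet address"; return 1; }
    if is_rfc1918 "$addr"; then
        echo "natd_interface=$nif carries private address $addr"
        return 1
    fi
    echo "natd_interface=$nif carries $addr"
}

check_natd "$SAMPLE_RC" || true
```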